What is the cleanest way to add code to contrib.auth

I've migrated an old Joomla installation over to Django. The password hashes are an issue though. I had to modify get_hexdigest in contrib.auth.models to have an extra if statement to reverse the way the hash is generated.

# Custom for Joomla
if algorithm == 'joomla':
    return md5_constructor(raw_password + salt).hexdigest()
# Django's original md5
if algorithm == 'md5':
    return md5_constructor(salt + raw_password).hexdigest()

I also added the following to the User model to update the passwords after login if they have the old Joomla style:

# Joomla Backwards compat
algo, salt, hsh = self.password.split('$')
if algo == 'joomla':
    is_correct = (hsh == get_hexdigest(algo, salt, raw_password))
    if is_correct:
        # Convert the password to the new more secure format.
        self.set_password(raw_password)
        self.save()
    return is_correct

Everything is working perfectly but I'd rather not edit this code directly in the django tree. Is there a cleaner way to do this in my own project?

Thanks


Your best bet would be to roll a custom auth backend and rewrite get_hexdigest in there. Never done it myself, but documentation on how to do so is available at http://docs.djangoproject.com/en/dev/topics/auth/#authentication-backends.
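
The approach from the answer above, sketched as an added example (not part of the original answer and not Django's own code): a backend-shaped class that checks the legacy `joomla$salt$hash` records from the question with a constant-time comparison and rehashes them on the first successful login. The dict user store, the PBKDF2 target format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # constructed value for this example

def joomla_digest(salt, raw_password):
    # Legacy order from the question: md5(raw_password + salt)
    return hashlib.md5((raw_password + salt).encode("utf-8")).hexdigest()

def make_pbkdf2(raw_password, salt=None, iterations=PBKDF2_ITERATIONS):
    # Stand-in for set_password(): "pbkdf2_sha256$iterations$salt$hash"
    salt = salt or os.urandom(8).hex()
    dk = hashlib.pbkdf2_hmac("sha256", raw_password.encode("utf-8"),
                             salt.encode("utf-8"), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, dk.hex())

def same(a, b):
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def check_and_upgrade(user, raw_password):
    # `user` is a plain dict standing in for a User row (assumption)
    parts = user["password"].split("$")
    if parts[0] == "joomla" and len(parts) == 3:
        ok = same(joomla_digest(parts[1], raw_password), parts[2])
        if ok:
            # Replace the md5 record only after a successful login
            user["password"] = make_pbkdf2(raw_password)
        return ok
    if (parts[0] == "pbkdf2_sha256" and len(parts) == 4
            and parts[1].isdecimal() and int(parts[1]) > 0):
        return same(make_pbkdf2(raw_password, parts[2], int(parts[1])),
                    user["password"])
    return False  # unknown or malformed record: fail closed

class JoomlaUpgradeBackend:
    """Shaped like an auth backend; `users` is a dict store (assumption)."""
    def __init__(self, users):
        self.users = users

    def authenticate(self, username=None, password=None):
        user = self.users.get(username)
        if user is None or password is None:
            return None
        return user if check_and_upgrade(user, password) else None
```

Keeping the legacy check in a separate backend leaves the Django tree untouched, and each md5 record disappears from the store the first time its owner logs in.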


Thanks for the guidance. For anyone who needs to go the other way (Django to Joomla) with DJ passwords, the DJ format is Sha1$salt$crypt.

The Joomla standard auth plugin and the Joomla core JUserHelper do not implement the same SHA1 algorithm, but it is fairly easy to patch into joomla.php in that plugin, where the plugin normally does an explode on ':'. Do a three-part explode with '$' and use salt = [1], compare that against $encrypted = sha1($salt.$plaintext), match that against the crypt [2].
